HyperDbg Debugger
Loading...
Searching...
No Matches
Ioctls.h File Reference

HyperDbg's SDK IOCTL codes. More...

Go to the source code of this file.

Macros

#define CTL_CODE(DeviceType, Function, Method, Access)
#define FILE_ANY_ACCESS   0
#define METHOD_BUFFERED   0
#define FILE_DEVICE_UNKNOWN   0x00000022
#define CTL_CODE_FUNCTION(Code)
 Extract the function from an IOCTL code.
#define IOCTL_START_CODE   0x800
 Base code for IOCTLs.
#define IOCTL_BASIC_IOCTL   IOCTL_START_CODE + 0x00
 ioctl, for basic communication between user-mode and kernel-mode, and for loading and initializing the driver and its components
#define IOCTL_KD_IOCTL   IOCTL_START_CODE + 0x100
 ioctl, for KD (Kernel Debugger) related functionalities
#define IOCTL_VMM_IOCTL   IOCTL_START_CODE + 0x200
 ioctl, for VMM and debugger related functionalities
#define IOCTL_HYPERTRACE_IOCTL   IOCTL_START_CODE + 0x300
 ioctl, for HyperTrace related functionalities
#define IOCTL_INIT_VMM   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_BASIC_IOCTL + 0x01, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, initialize the VMM module
#define IOCTL_INIT_HYPERTRACE   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_BASIC_IOCTL + 0x02, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, initialize the HyperTrace module
#define IOCTL_REGISTER_EVENT   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_BASIC_IOCTL + 0x03, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, register a new event
#define IOCTL_RETURN_IRP_PENDING_PACKETS_AND_DISALLOW_IOCTL   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_BASIC_IOCTL + 0x04, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, irp pending mechanism for reading from message tracing buffers
#define IOCTL_TERMINATE_VMX   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x01, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, to terminate vmx and exit form debugger
#define IOCTL_DEBUGGER_READ_MEMORY   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x02, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, request to read memory
#define IOCTL_DEBUGGER_READ_OR_WRITE_MSR   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x03, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, request to read or write on a special MSR
#define IOCTL_DEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x04, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, request to read page table entries
#define IOCTL_DEBUGGER_REGISTER_EVENT   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x05, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, register an event
#define IOCTL_DEBUGGER_ADD_ACTION_TO_EVENT   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x06, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, add action to event
#define IOCTL_DEBUGGER_HIDE_AND_UNHIDE_TO_TRANSPARENT_THE_DEBUGGER   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x07, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, request to enable or disable transparent-mode
#define IOCTL_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x08, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, for !va2pa and !pa2va commands
#define IOCTL_DEBUGGER_EDIT_MEMORY   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x09, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, request to edit virtual and physical memory
#define IOCTL_DEBUGGER_SEARCH_MEMORY   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x0a, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, request to search virtual and physical memory
#define IOCTL_DEBUGGER_MODIFY_EVENTS   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x0b, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, request to modify an event (enable/disable/clear)
#define IOCTL_DEBUGGER_FLUSH_LOGGING_BUFFERS   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x0c, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, flush the kernel buffers
#define IOCTL_DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x0d, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, attach or detach user-mode processes
#define IOCTL_DEBUGGER_PRINT   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x0e, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, print states (Deprecated)
#define IOCTL_PREPARE_DEBUGGEE   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x0f, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, prepare debuggee
#define IOCTL_PAUSE_PACKET_RECEIVED   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x10, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, pause and halt the system
#define IOCTL_SEND_SIGNAL_EXECUTION_IN_DEBUGGEE_FINISHED   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x11, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, send a signal that execution of command finished
#define IOCTL_SEND_USERMODE_MESSAGES_TO_DEBUGGER   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x12, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, send user-mode messages to the debugger
#define IOCTL_SEND_GENERAL_BUFFER_FROM_DEBUGGEE_TO_DEBUGGER   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x13, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, send general buffer from debuggee to debugger
#define IOCTL_PERFORM_KERNEL_SIDE_TESTS   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x14, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, to perform kernel-side tests
#define IOCTL_RESERVE_PRE_ALLOCATED_POOLS   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x15, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, to reserve pre-allocated pools
#define IOCTL_SEND_USER_DEBUGGER_COMMANDS   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x16, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, to send user debugger commands
#define IOCTL_GET_DETAIL_OF_ACTIVE_THREADS_AND_PROCESSES   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x17, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, to get active threads/processes that are debugging
#define IOCTL_GET_USER_MODE_MODULE_DETAILS   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x18, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, to get user mode modules details
#define IOCTL_QUERY_COUNT_OF_ACTIVE_PROCESSES_OR_THREADS   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x19, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, query count of active threads or processes
#define IOCTL_GET_LIST_OF_THREADS_AND_PROCESSES   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x1a, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, to get list threads/processes
#define IOCTL_QUERY_CURRENT_PROCESS   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x1b, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, query the current process details
#define IOCTL_QUERY_CURRENT_THREAD   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x1c, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, query the current thread details
#define IOCTL_REQUEST_REV_MACHINE_SERVICE   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x1d, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, request service from the reversing machine
#define IOCTL_DEBUGGER_BRING_PAGES_IN   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x1e, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, request to bring pages in
#define IOCTL_PREACTIVATE_FUNCTIONALITY   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x1f, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, to preactivate a functionality
#define IOCTL_PCIE_ENDPOINT_ENUM   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x20, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, to enumerate PCIe endpoints
#define IOCTL_PERFORM_ACTIONS_ON_APIC   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x21, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, to perform actions related to APIC
#define IOCTL_PCIDEVINFO_ENUM   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x22, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, to query for PCI endpoint info
#define IOCTL_QUERY_IDT_ENTRY   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x24, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, to query the IDT entries
#define IOCTL_SET_BREAKPOINT_USER_DEBUGGER   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x25, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, to set breakpoint for the user debugger
#define IOCTL_PERFORM_SMI_OPERATION   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x26, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, to perform SMI operations
#define IOCTL_PERFORM_HYPERTRACE_UNLOAD   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_HYPERTRACE_IOCTL + 0x01, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, to unload HyperTrace module
#define IOCTL_PERFORM_HYPERTRACE_LBR_OPERATION   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_HYPERTRACE_IOCTL + 0x02, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, to perform HyperTrace LBR operations
#define IOCTL_PERFORM_HYPERTRACE_LBR_DUMP   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_HYPERTRACE_IOCTL + 0x03, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, to perform HyperTrace LBR dump
#define IOCTL_PERFORM_HYPERTRACE_PT_OPERATION   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_HYPERTRACE_IOCTL + 0x04, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, to perform HyperTrace PT operations
#define IOCTL_PERFORM_HYPERTRACE_PT_MMAP   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_HYPERTRACE_IOCTL + 0x05, METHOD_BUFFERED, FILE_ANY_ACCESS)
 ioctl, to map per-CPU HyperTrace PT output buffers into the calling user-mode process. See HYPERTRACE_PT_MMAP_PACKETS.

Detailed Description

HyperDbg's SDK IOCTL codes.

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)

This file contains definitions of IOCTLs used in HyperDbg

Version
0.2
Date
2022-06-24

Macro Definition Documentation

◆ CTL_CODE

#define CTL_CODE ( DeviceType,
Function,
Method,
Access )
Value:
( \
((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method))
29# define CTL_CODE(DeviceType, Function, Method, Access) ( \
30 ((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method))

◆ CTL_CODE_FUNCTION

#define CTL_CODE_FUNCTION ( Code)
Value:
(((Code) >> 2) & 0xFFF)

Extract the function from an IOCTL code.

◆ FILE_ANY_ACCESS

#define FILE_ANY_ACCESS   0

◆ FILE_DEVICE_UNKNOWN

#define FILE_DEVICE_UNKNOWN   0x00000022

◆ IOCTL_BASIC_IOCTL

#define IOCTL_BASIC_IOCTL   IOCTL_START_CODE + 0x00

ioctl, for basic communication between user-mode and kernel-mode, and for loading and initializing the driver and its components

◆ IOCTL_DEBUGGER_ADD_ACTION_TO_EVENT

#define IOCTL_DEBUGGER_ADD_ACTION_TO_EVENT   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x06, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, add action to event

171#define IOCTL_DEBUGGER_ADD_ACTION_TO_EVENT \
172 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x06, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS

#define IOCTL_DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x0d, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, attach or detach user-mode processes

220#define IOCTL_DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS \
221 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x0d, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_DEBUGGER_BRING_PAGES_IN

#define IOCTL_DEBUGGER_BRING_PAGES_IN   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x1e, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, request to bring pages in

340#define IOCTL_DEBUGGER_BRING_PAGES_IN \
341 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x1e, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_DEBUGGER_EDIT_MEMORY

#define IOCTL_DEBUGGER_EDIT_MEMORY   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x09, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, request to edit virtual and physical memory

192#define IOCTL_DEBUGGER_EDIT_MEMORY \
193 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x09, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_DEBUGGER_FLUSH_LOGGING_BUFFERS

#define IOCTL_DEBUGGER_FLUSH_LOGGING_BUFFERS   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x0c, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, flush the kernel buffers

213#define IOCTL_DEBUGGER_FLUSH_LOGGING_BUFFERS \
214 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x0c, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_DEBUGGER_HIDE_AND_UNHIDE_TO_TRANSPARENT_THE_DEBUGGER

#define IOCTL_DEBUGGER_HIDE_AND_UNHIDE_TO_TRANSPARENT_THE_DEBUGGER   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x07, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, request to enable or disable transparent-mode

178#define IOCTL_DEBUGGER_HIDE_AND_UNHIDE_TO_TRANSPARENT_THE_DEBUGGER \
179 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x07, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_DEBUGGER_MODIFY_EVENTS

#define IOCTL_DEBUGGER_MODIFY_EVENTS   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x0b, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, request to modify an event (enable/disable/clear)

206#define IOCTL_DEBUGGER_MODIFY_EVENTS \
207 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x0b, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_DEBUGGER_PRINT

#define IOCTL_DEBUGGER_PRINT   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x0e, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, print states (Deprecated)

228#define IOCTL_DEBUGGER_PRINT \
229 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x0e, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_DEBUGGER_READ_MEMORY

#define IOCTL_DEBUGGER_READ_MEMORY   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x02, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, request to read memory

143#define IOCTL_DEBUGGER_READ_MEMORY \
144 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x02, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_DEBUGGER_READ_OR_WRITE_MSR

#define IOCTL_DEBUGGER_READ_OR_WRITE_MSR   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x03, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, request to read or write on a special MSR

150#define IOCTL_DEBUGGER_READ_OR_WRITE_MSR \
151 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x03, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_DEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS

#define IOCTL_DEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x04, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, request to read page table entries

157#define IOCTL_DEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS \
158 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x04, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_DEBUGGER_REGISTER_EVENT

#define IOCTL_DEBUGGER_REGISTER_EVENT   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x05, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, register an event

164#define IOCTL_DEBUGGER_REGISTER_EVENT \
165 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x05, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_DEBUGGER_SEARCH_MEMORY

#define IOCTL_DEBUGGER_SEARCH_MEMORY   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x0a, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, request to search virtual and physical memory

199#define IOCTL_DEBUGGER_SEARCH_MEMORY \
200 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x0a, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS

#define IOCTL_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x08, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, for !va2pa and !pa2va commands

185#define IOCTL_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS \
186 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x08, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_GET_DETAIL_OF_ACTIVE_THREADS_AND_PROCESSES

#define IOCTL_GET_DETAIL_OF_ACTIVE_THREADS_AND_PROCESSES   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x17, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, to get active threads/processes that are debugging

291#define IOCTL_GET_DETAIL_OF_ACTIVE_THREADS_AND_PROCESSES \
292 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x17, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_GET_LIST_OF_THREADS_AND_PROCESSES

#define IOCTL_GET_LIST_OF_THREADS_AND_PROCESSES   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x1a, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, to get list threads/processes

312#define IOCTL_GET_LIST_OF_THREADS_AND_PROCESSES \
313 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x1a, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_GET_USER_MODE_MODULE_DETAILS

#define IOCTL_GET_USER_MODE_MODULE_DETAILS   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x18, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, to get user mode modules details

298#define IOCTL_GET_USER_MODE_MODULE_DETAILS \
299 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x18, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_HYPERTRACE_IOCTL

#define IOCTL_HYPERTRACE_IOCTL   IOCTL_START_CODE + 0x300

ioctl, for HyperTrace related functionalities

◆ IOCTL_INIT_HYPERTRACE

#define IOCTL_INIT_HYPERTRACE   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_BASIC_IOCTL + 0x02, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, initialize the HyperTrace module

107#define IOCTL_INIT_HYPERTRACE \
108 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_BASIC_IOCTL + 0x02, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_INIT_VMM

ioctl, initialize the VMM module

100#define IOCTL_INIT_VMM \
101 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_BASIC_IOCTL + 0x01, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_KD_IOCTL

#define IOCTL_KD_IOCTL   IOCTL_START_CODE + 0x100

ioctl, for KD (Kernel Debugger) related functionalities

◆ IOCTL_PAUSE_PACKET_RECEIVED

#define IOCTL_PAUSE_PACKET_RECEIVED   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x10, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, pause and halt the system

242#define IOCTL_PAUSE_PACKET_RECEIVED \
243 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x10, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_PCIDEVINFO_ENUM

#define IOCTL_PCIDEVINFO_ENUM   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x22, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, to query for PCI endpoint info

368#define IOCTL_PCIDEVINFO_ENUM \
369 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x22, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_PCIE_ENDPOINT_ENUM

#define IOCTL_PCIE_ENDPOINT_ENUM   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x20, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, to enumerate PCIe endpoints

354#define IOCTL_PCIE_ENDPOINT_ENUM \
355 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x20, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_PERFORM_ACTIONS_ON_APIC

#define IOCTL_PERFORM_ACTIONS_ON_APIC   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x21, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, to perform actions related to APIC

361#define IOCTL_PERFORM_ACTIONS_ON_APIC \
362 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x21, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_PERFORM_HYPERTRACE_LBR_DUMP

#define IOCTL_PERFORM_HYPERTRACE_LBR_DUMP   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_HYPERTRACE_IOCTL + 0x03, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, to perform HyperTrace LBR dump

414#define IOCTL_PERFORM_HYPERTRACE_LBR_DUMP \
415 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_HYPERTRACE_IOCTL + 0x03, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_PERFORM_HYPERTRACE_LBR_OPERATION

#define IOCTL_PERFORM_HYPERTRACE_LBR_OPERATION   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_HYPERTRACE_IOCTL + 0x02, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, to perform HyperTrace LBR operations

407#define IOCTL_PERFORM_HYPERTRACE_LBR_OPERATION \
408 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_HYPERTRACE_IOCTL + 0x02, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_PERFORM_HYPERTRACE_PT_MMAP

#define IOCTL_PERFORM_HYPERTRACE_PT_MMAP   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_HYPERTRACE_IOCTL + 0x05, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, to map per-CPU HyperTrace PT output buffers into the calling user-mode process. See HYPERTRACE_PT_MMAP_PACKETS.

429#define IOCTL_PERFORM_HYPERTRACE_PT_MMAP \
430 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_HYPERTRACE_IOCTL + 0x05, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_PERFORM_HYPERTRACE_PT_OPERATION

#define IOCTL_PERFORM_HYPERTRACE_PT_OPERATION   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_HYPERTRACE_IOCTL + 0x04, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, to perform HyperTrace PT operations

421#define IOCTL_PERFORM_HYPERTRACE_PT_OPERATION \
422 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_HYPERTRACE_IOCTL + 0x04, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_PERFORM_HYPERTRACE_UNLOAD

#define IOCTL_PERFORM_HYPERTRACE_UNLOAD   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_HYPERTRACE_IOCTL + 0x01, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, to unload HyperTrace module

400#define IOCTL_PERFORM_HYPERTRACE_UNLOAD \
401 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_HYPERTRACE_IOCTL + 0x01, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_PERFORM_KERNEL_SIDE_TESTS

#define IOCTL_PERFORM_KERNEL_SIDE_TESTS   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x14, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, to perform kernel-side tests

270#define IOCTL_PERFORM_KERNEL_SIDE_TESTS \
271 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x14, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_PERFORM_SMI_OPERATION

#define IOCTL_PERFORM_SMI_OPERATION   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x26, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, to perform SMI operations

389#define IOCTL_PERFORM_SMI_OPERATION \
390 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x26, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_PREACTIVATE_FUNCTIONALITY

#define IOCTL_PREACTIVATE_FUNCTIONALITY   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x1f, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, to preactivate a functionality

347#define IOCTL_PREACTIVATE_FUNCTIONALITY \
348 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x1f, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_PREPARE_DEBUGGEE

#define IOCTL_PREPARE_DEBUGGEE   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x0f, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, prepare debuggee

235#define IOCTL_PREPARE_DEBUGGEE \
236 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x0f, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_QUERY_COUNT_OF_ACTIVE_PROCESSES_OR_THREADS

#define IOCTL_QUERY_COUNT_OF_ACTIVE_PROCESSES_OR_THREADS   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x19, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, query count of active threads or processes

305#define IOCTL_QUERY_COUNT_OF_ACTIVE_PROCESSES_OR_THREADS \
306 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x19, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_QUERY_CURRENT_PROCESS

#define IOCTL_QUERY_CURRENT_PROCESS   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x1b, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, query the current process details

319#define IOCTL_QUERY_CURRENT_PROCESS \
320 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x1b, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_QUERY_CURRENT_THREAD

#define IOCTL_QUERY_CURRENT_THREAD   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x1c, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, query the current thread details

326#define IOCTL_QUERY_CURRENT_THREAD \
327 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x1c, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_QUERY_IDT_ENTRY

#define IOCTL_QUERY_IDT_ENTRY   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x24, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, to query the IDT entries

375#define IOCTL_QUERY_IDT_ENTRY \
376 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x24, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_REGISTER_EVENT

#define IOCTL_REGISTER_EVENT   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_BASIC_IOCTL + 0x03, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, register a new event

114#define IOCTL_REGISTER_EVENT \
115 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_BASIC_IOCTL + 0x03, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_REQUEST_REV_MACHINE_SERVICE

#define IOCTL_REQUEST_REV_MACHINE_SERVICE   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x1d, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, request service from the reversing machine

333#define IOCTL_REQUEST_REV_MACHINE_SERVICE \
334 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x1d, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_RESERVE_PRE_ALLOCATED_POOLS

#define IOCTL_RESERVE_PRE_ALLOCATED_POOLS   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x15, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, to reserve pre-allocated pools

277#define IOCTL_RESERVE_PRE_ALLOCATED_POOLS \
278 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x15, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_RETURN_IRP_PENDING_PACKETS_AND_DISALLOW_IOCTL

#define IOCTL_RETURN_IRP_PENDING_PACKETS_AND_DISALLOW_IOCTL   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_BASIC_IOCTL + 0x04, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, irp pending mechanism for reading from message tracing buffers

121#define IOCTL_RETURN_IRP_PENDING_PACKETS_AND_DISALLOW_IOCTL \
122 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_BASIC_IOCTL + 0x04, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_SEND_GENERAL_BUFFER_FROM_DEBUGGEE_TO_DEBUGGER

#define IOCTL_SEND_GENERAL_BUFFER_FROM_DEBUGGEE_TO_DEBUGGER   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x13, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, send general buffer from debuggee to debugger

263#define IOCTL_SEND_GENERAL_BUFFER_FROM_DEBUGGEE_TO_DEBUGGER \
264 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x13, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_SEND_SIGNAL_EXECUTION_IN_DEBUGGEE_FINISHED

#define IOCTL_SEND_SIGNAL_EXECUTION_IN_DEBUGGEE_FINISHED   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x11, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, send a signal that execution of command finished

249#define IOCTL_SEND_SIGNAL_EXECUTION_IN_DEBUGGEE_FINISHED \
250 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x11, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_SEND_USER_DEBUGGER_COMMANDS

#define IOCTL_SEND_USER_DEBUGGER_COMMANDS   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x16, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, to send user debugger commands

284#define IOCTL_SEND_USER_DEBUGGER_COMMANDS \
285 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x16, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_SEND_USERMODE_MESSAGES_TO_DEBUGGER

#define IOCTL_SEND_USERMODE_MESSAGES_TO_DEBUGGER   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x12, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, send user-mode messages to the debugger

256#define IOCTL_SEND_USERMODE_MESSAGES_TO_DEBUGGER \
257 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x12, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_SET_BREAKPOINT_USER_DEBUGGER

#define IOCTL_SET_BREAKPOINT_USER_DEBUGGER   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x25, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, to set breakpoint for the user debugger

382#define IOCTL_SET_BREAKPOINT_USER_DEBUGGER \
383 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x25, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_START_CODE

#define IOCTL_START_CODE   0x800

Base code for IOCTLs.

◆ IOCTL_TERMINATE_VMX

#define IOCTL_TERMINATE_VMX   CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x01, METHOD_BUFFERED, FILE_ANY_ACCESS)

ioctl, to terminate vmx and exit form debugger

136#define IOCTL_TERMINATE_VMX \
137 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x01, METHOD_BUFFERED, FILE_ANY_ACCESS)

◆ IOCTL_VMM_IOCTL

#define IOCTL_VMM_IOCTL   IOCTL_START_CODE + 0x200

ioctl, for VMM and debugger related functionalities

◆ METHOD_BUFFERED

#define METHOD_BUFFERED   0